Home > Windows Server > Locking down terminal services

Locking down terminal services

This is the list of Group Policy and registry changes I like to make for terminal services environment:

GROUP POLICY CHANGES – to force, run GPUPDATE from command line, then log out and back in to test.
Computer Configuration
Administrative Templates
Windows Components
Terminal Services
Remove Windows Security Item from Start Menu – enabled
Remove Disconnect option from Shut Down dialog – enabled
Windows Update
Configure automatic updates – disabled
Windows Messenger
Do not start windows messenger initially – enabled
User Configuration
Administrative Templates
Start Menu and Taskbar
Add Logoff to the Start Menu – enabled
Remove and prevent access to the Shut Down command – enabled
Turn off personalized menus – enabled
Turn off notification area clenup – enabled
Do not display any custom toolbars in the taskbae – enabled
Remove Set Program Access and Defaults from Start Menu – enabled
Desktop
Active Desktop
Enabled Active Desktop – enabled
Prohibit Changes – enabled
Active Desktop Wallpaper – path to wallpaper file, and style (e.g. C:\DELL\wallpaper.jpg, wallpaper style: stretch)
Remove Desktop Cleanup Wizard – enabled

REGISTRY CHANGES
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
Add following Value: NoDisconnect (REG_DWORD) 0x1 = Hide Disconnect menu item

Value: NoDisconnect (REG_DWORD) 0x1 = Hide Disconnect menu item
Advertisements
Categories: Windows Server
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: